Simplified authentication method for controls on persons

ABSTRACT

The invention proposes a method for controls on persons in possession of a document comprising a machine-readable zone containing a document number and an electronic chip in which an authentication biometric is stored, comprising:
         at a first step ( 100 ),
           acquiring ( 120 ) a biometric datum,   acquiring ( 110 ) the document number by reading the machine-readable zone, and   recording ( 130 ), in a memory ( 20 ), the number linked with the biometric datum, and   
           at a second step ( 200 ),
           acquiring ( 210 ) a biometric,   from said biometric datum retrieving ( 220 ), in the memory, the number of the identity document corresponding to the person,   accessing the content of the chip and retrieving the authentication biometric datum ( 240 ), and   performing authentication ( 250 ) of the person by comparing the authentication biometric datum with a biometric datum of the person.

FIELD OF THE INVENTION

The invention concerns a method for controls on persons in possession ofan identity document such as a passport comprising a machine-readablezone, containing a document number and an electronic chip in which anauthentication biometric datum of the person is stored. The inventionalso applies to controls on persons for access to a protected area orservice such as access to boarding on an aircraft.

STATE OF THE ART

Identity control is sometimes required when a person accesses aprotected area or service e.g. when crossing a border or when boardingon an aircraft.

Electronic identity documents such as electronic passports or identitycards allow identity control to be carried out by biometricauthentication i.e. by comparing a biometric datum acquired on abiometric feature of a person with a biometric datum pre-recorded in achip contained in the identity document.

Such documents allow increased security since the biometric contained inthe document can be protected and signed by an official entity whichissued the document, and can be verified at the time of control.

They also allow automation of identity controls by means of dedicatedcontrol devices whereby passport holders can themselves submit theirpassports for read-out to a control device.

However, the physical handling of identity documents, and in particularin booklet form such as passports, can raise difficulties for a personwishing to identify him or herself.

The biometric data contained in identity documents have read protection.To have access thereto, the number of the identity document must beobtained that is located in a machine-readable zone (MRZ). Saidmachine-readable zone is part of the surface of the document (oroptionally one of the pages thereof) comprising printed text innormalised format so that it can be read by a computer and decrypted byoptical recognition of the printed characters.

Therefore, to perform authentication, the person must present thedocument on the particular page of the document in which themachine-readable zone is contained, in a specific direction allowingread-out by a reader of the control device. Once the number is obtained,it can be used to gain access to the content of the chip.

As a result, if the identity document is not properly presented,authentication of the person can fail.

This physical handling step is time-consuming and tends to causecongestion in waiting queues e.g. at airports. In addition, it is thecause of a substantial proportion of failed authentications of persons.

It is consequently necessary, for the decongestion of queues at borderpoints, to limit handling of these documents as much as possible inorder to carry out authentication of persons for control purposes.

One solution to this problem has already been proposed. It proposessplitting the control step into two, with a first step at which handlingof the identity document is required, and a second step at whichauthentication takes place without handling of the identity document.

More specifically, at a first step the passport is handled by the personto position it correctly on a reader of a control device which reads themachine-readable zone of the passport and accesses the biometric datumcontained in the passport, in this case an image of the face of theperson.

A number is associated with this biometric datum and a ticket carryingthis number is issued to the person. The biometric datum and the numberare recorded in a database.

At the second step, the person presents the ticket to a second controldevice. This device reads the number on the ticket and accesses thedatabase to retrieve the corresponding biometric datum.

At the same time, a photograph of the person is taken by the controldevice and this photograph is compared with the biometric datumretrieved from the base (and which corresponds to the biometric datumstored in the passport) to carry out biometric authentication of theperson.

With this solution, it is therefore possible to move the time-consumingstep of passport handling upstream of the authentication step whichgives access to the secure area, and to decongest the queue at thisstep.

However, this solution does not fully solve the problem, since theticket issued to a person represents an additional document to be keptwhich may be lost or exchanged. In addition, it is neverthelessnecessary to handle this ticket at the second step, which may take moretime and cause errors.

PRESENTATION OF THE INVENTION

It is an objective of the invention to overcome the issues raised above.In particular, it is one of the objectives of the invention to proposean automatic control method minimising handling of documents by holdersthereof.

A further objective of the invention is to reduce the time needed tocarry out the authentication step.

A further objective of the invention is to propose a control method thatis simple and practical for persons to implement.

In this respect, the object of the invention is a method for controls onpersons in possession of an identity document comprising amachine-readable zone containing a document number and an electronicchip in which an authentication biometric datum of the person is stored,the method comprising:

-   -   at a first step implemented by a first control device,        -   acquiring a first biometric datum on a biometric feature of            the person,        -   acquiring the number of the person's identity document by            reading the machine-readable zone of the identity document,            and        -   recording in a remote memory the number linked with the            person's biometric datum, and    -   at a second step implemented by a second control device,        -   acquiring a second biometric datum on the same biometric            feature of the person as the one on which the first            biometric datum was acquired,        -   from the second biometric datum retrieving in the memory the            number of the identity document corresponding to the            person's biometric feature,        -   from the number of the person's identity document, accessing            the content of the electronic chip of the identity document            and retrieving the authentication biometric datum, and        -   performing biometric authentication of the person by            comparing the authentication biometric datum stored in the            chip with a biometric datum acquired by the second control            device.

Advantageously, but optionally, the method of the invention may furthercomprise at least one of the following characteristics:

-   -   the biometric datum acquired by the second control device for        the biometric authentication step may be the second biometric        datum or another biometric datum acquired on a different        biometric feature.    -   the retrieval step of the number of the identity document in the        memory may comprise:        -   comparison of biometric data stored in the memory with the            second biometric datum, and        -   selection of at least one number corresponding to at least            one biometric datum having a similarity rate with the second            biometric datum higher than a predetermined threshold.    -   if more than one identity document number has been selected, the        step to access the content of the chip of the identity document        may comprise the implementation of an attempt to open the chip        with each selected number until opening of the chip.    -   the first step may also comprise the recording in the remote        memory of at least one additional datum linked with the number        of the identity document and the first biometric datum, and the        step to retrieve the number of the identity document comprises        the preselection, in the memory, of the biometric datum and        document numbers associated with said additional datum.    -   at the second step, the additional datum may be acquired by the        second control device, or it may be known to the second control        device by being associated therewith i.e. being intrinsically        related thereto.    -   the biometric feature on which the first and second biometric        data are acquired can be selected from the group comprising: one        or more fingerprints, one or more iris scans, the person's face,        the venous network of one of more fingers or of one or both        hands, or the respective sizes of phalanges or fingers.    -   the step may comprise the acquisition of a plurality of        biometric data on different biometric features of the person,        and the recording of the document number linked with each of the        biometric features.    -   the identity document may be a passport, and:        -   at the first step, the passport is presented open on the            page of the machine-readable zone to the first control            device to implement the acquisition step of the passport            number, and        -   at the second step, the passport is presented closed to the            second control device to implement the step to access the            content of the chip.    -   at the second step, the passport can be presented in any        orientation relative to the second control device.    -   the first control device may be physically remote from the        second, and is a personal device owned by the person from among        a mobile telephone, tablet computer, personal computer or a        kiosk installed within one same infrastructure as the second        control device.

Another object of the invention concerns a computer readable mediumcomprising code instructions to implement the method comprising stepsof:

-   -   acquiring and processing an image of a person's biometric        feature to obtain a biometric datum,    -   reading a machine-readable zone of an identity document to        acquire a document number, and    -   recording, in a remote memory, the number linked with the        biometric datum,        when executed by a processor.

A further object of the invention also concerns a computer readablemedium comprising code instructions to implement the method comprisingsteps of:

-   -   acquiring and processing an image of a person's biometric        feature to obtain a biometric datum,    -   from said biometric datum, retrieving in a memory an identity        document number corresponding to the biometric feature from        which the biometric datum was acquired, and    -   from the number of the person's identity document accessing the        content of the electronic chip of the identity document and        retrieving an authentication biometric contained in said chip,        when executed by a processor.

A further object of the invention is a system for controls on persons,comprising:

-   -   a memory,    -   a first control device comprising a module to read a        machine-readable zone of an identity document, a module to        acquire a biometric datum, and a communication interface with        the memory, and    -   a second control device comprising a module to acquire a        biometric datum, a reader adapted to access the content of a        chip of an identity document, and a communication interface with        the memory,        characterized in that it is adapted to implement the method        described in the foregoing.

Advantageously, but optionally, in the system of the invention forcontrols on persons, the first control device is a personal electronicdevice owned by the person from among a personal computer, mobiletelephone and tablet computer.

The proposed invention allows facilitation of the control method sincethe handling step of the identity document is separate from theauthentication step and can even be carried out by the person using apersonal electronic device such as a mobile telephone at a place chosenby the person (e.g. at home).

In addition, the authentication step is facilitated since all that isrequired is to obtain a new biometric datum of the person in order to beable to retrieve the number of the identity document and access thecontent of the chip. It is therefore not necessary to handle thedocument for presentation of the machine-readable zone to a reader. Inthe case of a document in booklet form such as a passport, said documentcan even be presented closed to the control device since this does notprevent the control device from accessing the content of the chip.

Furthermore, no additional document needs to be added to the identitydocument to carry out authentication.

DESCRIPTION OF THE FIGURES

Other characteristics, objectives and advantages of the presentinvention will become apparent on reading the following detaileddescription, in connection with the appended drawings given asnon-limiting examples and in which:

FIG. 1 schematically illustrates a control system,

FIGS. 2 and 3 schematically illustrate the main steps of a controlmethod.

DETAILED DESCRIPTION OF AT LEAST ONE EMBODIMENT OF THE INVENTION

System for Controls on Persons

With reference to FIG. 1, a system for controls on persons 1 isillustrated. This system allows the biometric authentication of persons,to authorise or deny access of persons to a secure area or service.

For control to be carried out, the person must be in possession of anidentity document comprising an electronic chip e.g. RFID chip in whicha biometric, acquired from a biometric feature of the individual, isstored.

The biometric contained in the identity document is termed anauthentication biometric in the remainder hereof.

The identity document also contains a number identifying said document,this number being printed in a machine-readable zone (MRZ) i.e. aportion of the surface of the document or of one of its pages in aformat readable by a computer or any equivalent processing unit able toperform optical recognition of characters.

The identity document is advantageously a passport i.e. a document inbooklet form comprising covers and a set of pages, the machine-readablezone being contained in one of the pages of the booklet, which impliesopening of the passport at the right page and correct positioning of thepassport for the reading of this zone.

The system for controls on persons can be used for example to checkpersons before embarking on board an aircraft or before crossingnational borders.

The system 1 for controls on persons comprises a first control device10, a memory 20 and a second control device 30.

The second control device 30 is advantageously arranged at the entry toa secure access area. It may be in the form of a gate through which aperson may only be authorised to pass in the event of successfulauthentication.

The first control device 10 is advantageously an electronic devicepersonal to the individual i.e. a personal computer, mobile telephone ortablet computer.

As a variant, it may be a fixed control structure such as a kiosklocated within the same infrastructure (e.g. the same building) as thecontrol device 30 and at a distance therefrom. For example, regardingcontrol at an airport before embarking on an aircraft, the first controldevice can be located in the same departure terminal as the seconddevice. However, it is not located in the queue of the second controldevice so that it is possible divide the flow of persons using the twodevices.

The first control device 10 comprises a computer 11 e.g. a processor,microprocessor, controller, etc.

It also comprises a module 12 to read the content of a machine-readablezone, MRZ, of a document. For example, the module 12 may comprise animage sensor 13 such as a digital still camera or digital video cameraadapted to acquire an image of the machine-readable zone, and acharacter recognition module 14. The module 14 may be a softwareapplication that can be executed by the computer 11 or alternatively aphysical module. This may be the case for example when the first controldevice is the individual's mobile telephone or tablet or personalcomputer and when this device is configured to perform characterrecognition. As variant, the processing of the image of themachine-readable zone can be performed remotely if the individual'sdevice does not have this functionality. In this case, the module 14 maybe a software application that can be executed by a computer of anotherprocessing unit remote from the first control device (not illustrated),the first control device then comprising a communication interface withthe remote processing unit to send the image of the machine-readablezone on which character recognition is to be performed.

In addition, the control device 10 comprises a module 15 to acquire abiometric on a biometric feature of a person. For example, the biometricmay be the shape of the face, one or more finger prints of the persons,or one or more iris scans of the person. It may also be the venousnetwork structure of one of more fingers or of one or both hands, or therespective sizes of phalanges or fingers.

The biometric acquisition module 15 comprises an image sensor that isadvantageously the sensor 13 indicated above, and an image processingmodule 16 adapted to extract a biometric from an image of a biometricfeature. The extraction of the biometric is performed by processing theimage of the biometric feature and is dependent on the type of biometricfeature. Various types of image processing to extract biometric data areknown to those skilled in the art. As a non-limiting example, theextraction of the biometric may comprise extraction of the minutia offingerprints from a fingerprint image. As a variant, it may compriseextraction of particular points of the shape of a face if the image isan image of the person's face, etc.

Finally, the first control device 10 comprises a remote communicationinterface 17 with a memory 20 of the control system 1. This interfaceallows the computer 11 to exchange information with the memory 20. Thememory 20 is advantageously remote from the first control device 10.Therefore, the communication interface 17 is preferably the combinationof a wireless communication interface e.g. of Wi-Fi or Bluetooth type ora mobile telephone network (GPRS, 3G, 4G or other) with any otherdownstream communication network connecting with the memory 20.

Advantageously, but optionally, the first control device 10 may finallycomprise a data entry interface 18 such as a keypad, touch screen, etc.

The second control device 30 comprises a computer 31 which may also be aprocessor, microprocessor, controller, etc.

It also comprises a module 32 to acquire a biometric from a biometricfeature of an individual, which advantageously comprises an image sensor33 adapted to acquire an image of a person's biometric feature, and animage processing module 34 adapted to extract a biometric from an imageof a biometric feature via suitable processing of the image of thebiometric feature. The image sensor 33 may be a digital still camera forexample or digital video camera. As is the case with the imageprocessing module 16, the extraction technique used by the module 34 isknown to those skilled in the art and is dependent on the type ofbiometric feature under consideration.

The memory 20 of the control system 1, already mentioned above, may be amemory integrated in the control device 30. As variant, it may be amemory remote from the control device 30, advantageously a database. Inthis case, the device may also comprise a remote communication interface35 with the memory 20.

Finally, the second control device 30 comprises a reader 36 of anidentity document chip. Typically, the chip contained in the identitydocument is a radio frequency chip (e.g. a radio-identification RFIDlabel or UHF chip), and the reader 36 is adapted for remote reading ofthe chip via radiofrequency communication with the chip.

The second control device 30 may also comprise a data entry interface 37such as a keypad, touch screen, etc.

The system 1 is adapted to implement the control method described below.

Method for Controls on Persons

With reference to FIGS. 2 and 3 the main steps are illustrated of amethod for controls on persons. With this method, it is possible toverify that a person presenting for control indeed corresponds to theperson to whom the identity document was issued, via biometricauthentication by taking a live biometric of the person and comparingthis biometric with the authentication biometric stored in the chipcontained in the document.

The method has a first step 100 implemented by the first control device10. As has been seen, since the first control device is possibly apersonal device owned by the individual, the first step 100 in this casecan be implemented in any place that is convenient for the person and inparticular at home.

The first step 100 comprises a step 110 to read the number of theidentity document contained in the machine-readable zone of thedocument. This step requires the person to handle the identity documentso as to present the document to the sensor 13 on the page of themachine-readable zone and with the machine-readable zone in line withthe acquisition zone of the sensor 13 i.e. presented in a position anddirection enabling the sensor to acquire an image of the zone. The readmodule 12 of the first control device acquires an image of themachine-readable zone and extracts the document number from this zone.

The first step 100 also comprises a step 120 to acquire a firstbiometric on a biometric feature of the person by means of module 12.

As variant, at step 120, several biometrics of the person can beacquired on different biometric features. For example, a first biometricfrom the person's iris and a second from the face or fingerprint, etc.

The order of succession of steps 110 and 120 is indifferent.

Next, at step 130, the first control device 10 records in the memory 20the number of the identity document linked with the first biometric andwhen applicable with each of the biometrics acquired at step 120. Asnon-limiting example, data can be generated by the computer 11comprising the number and first biometric e.g. in doublet form andstored in the memory.

The recording of several biometrics linked with the number of theidentity document can make the method compatible with differenttechnologies applied at different control points, or can increase thesecurity of the method by using several biometrics in the remainder ofthe method to retrieve the number of the identity document.

Advantageously, but optionally, the first step 100 of the method mayalso comprise the acquisition 140 of additional data comprising:

-   -   Identity data on the person, these data possibly being compared        with data given in the identity document and allowing increased        control security (e.g. name, forename(s), date and place of        birth), and/or    -   Data allowing distinguishing of the person among a group of        persons passing through the same control. For example, for        embarkation on board a flight, the data may comprise the flight        number, name of the airline, the take-off and/or landing        airport, etc. As a variant, for border crossings, this may be a        visa number, country of origin, etc.

The acquisition step 140 is advantageously implemented before step 130,and in this case at this step 130 the data allowing distinguishing ofthe person are also recorded in connection with the document number andacquired biometric of the person.

The method next comprises a second step 200 performed by the secondcontrol device 30. This step is implemented after step 100, for examplea few minutes or few hours later, even the next day or several daysafter.

At this second step 200, the person comes before the second controldevice 30 and presents to the biometric acquisition module 32 the samebiometric feature as the feature from which the first biometric wasacquired. A second biometric is acquired on this feature at step 210.

At step 220, the second control device 30, using this biometric,retrieves in the memory 20 the document number previously recorded forthe same person. To do so, the device searches memory 20 for a biometriccorresponding to the second biometric i.e. the one acquired on the samefeature, by comparing the second biometric with the biometrics recordedin the memory. A match is found if a similarity rate between twobiometrics exceeds a predetermined threshold, which is dependent on themanner in which comparison is made and the type of biometric feature.One non-limiting example of performing a comparison between two data isvia distance calculation (Euclidian distance, Hamming distance, etc.)between the data.

The control device 30 then retrieves the document number correspondingto each of the biometrics having a match with the second biometric thatis higher than said threshold. The control device 30 may thereforeretrieve one or more document numbers.

If several biometrics have been acquired on different biometric featuresat step 120, then either several biometrics are acquired on the samefeatures at step 210 and are used at step 220 to search for the numberof the identity document, which increases the security of the document,or a single biometric is acquired and used at step 220. The diversity ofbiometrics acquired at step 120 will increase the compatibility of themethod with different control devices 30.

If, at step 100, additional data for distinguishing of the person wererecorded linked with the first biometric and with the document number,step 200 may comprise an additional step 230 to acquire additional datafor which the person again enters the same data as at step 140.Advantageously, this data entry is not necessary if these additionaldata at step 140 are intrinsically and hence previously known to thecontrol device 30 e.g. via location if such data designates the airportat which the control device 30 is located.

This step 230 is implemented before step 220. In this case, theadditional data are used to restrict the number of biometrics in thememory to be compared with the second biometric, by only selectingbiometrics recorded in the memory that are linked with the sameadditional data (e.g. same flight number, same destination, etc.).

This accelerates implementation of step 220 and reduces the number ofdocument numbers obtained at the end of this step.

Step 200 then comprises step 240 at which the identity document ispresented by the person to the reader 36 of the second control device,and the control device 30 reads the content of the document chip toretrieve the authentication biometric using the document number ornumbers acquired.

Since the reader 36 only reads the information stored in the chipcontained in the document, and not the information indicated in amachine-readable zone, it is not necessary to present the documentopened or in a particular direction. In particular, the passport can bepresented closed e.g. being placed on a dedicated support (notillustrated) of the second control device. This entails considerabletime savings for the person who no longer needs to handle the identitydocument in any particular manner, or any other document with a readablezone or bar code that has to be read, and eliminates failure risksrelated to such handling.

The reader accesses the authentication biometric using the documentnumber as password. In the event that, after step 220, several numbershave been retrieved, the reader attempts to open the chip using thenumbers one after the other until the number is used which correspondsto the person's identity document and authorises access to the contentof the chip.

Step 200 next comprises a biometric authentication step 250 of theperson. This step comprises comparison of the authentication biometriccontained in the document chip with another biometric acquired on thesame feature. This other biometric may be the second biometric which wasacquired to retrieve the document number in the memory, therebysimplifying step 250 which then does not comprise a biometricacquisition sub-step.

As variant, this other biometric may be a third biometric acquired bythe control device solely for authentication purposes. This is notablythe case if the biometric feature corresponding to the authenticationbiometric differs from the one corresponding to the first and secondbiometrics.

As a function of the result of biometric authentication, the person isauthorised or denied access to the area.

Thus the proposed method therefore eliminates handling of the identitydocument at the second step at which biometric authentication of theperson is performed, without adjoining the handling of any additionaldocument, which simplifies and accelerates completion of this step.

The invention claimed is:
 1. A method for controls on persons inpossession of an identity document comprising a machine-readable zonecontaining a document number and an electronic chip in which anauthentication biometric datum of the person is stored, the methodcomprising: at a first step implemented by a first control device,acquiring a first biometric datum on a biometric feature of the person,acquiring the number of the person's identity document by reading themachine-readable zone of the identity document, and recording, in aremote memory, the number linked with the person's biometric datum, andat a second step implemented by a second control device, acquiring asecond biometric datum on the same biometric feature of the person asthe one on which the first biometric was acquired, from the secondbiometric datum, retrieving, in the memory, the number of the identitydocument corresponding to the person's biometric feature, from thenumber of the person's identity document, accessing the content of theelectronic chip of the identity document and retrieving theauthentication biometric datum, and performing biometric authenticationof the person by comparing the authentication biometric datum stored inthe chip with a biometric datum acquired by the second control device.2. The method according to claim 1, wherein the biometric datum acquiredby the second control device for the biometric authentication step isthe second biometric datum, or another biometric datum acquired on adifferent biometric feature.
 3. The method according to claim 1, whereinthe retrieval step of the number of the identity document in the memorycomprises: comparison of biometric data stored in the memory with thesecond biometric datum, and selection of at least one numbercorresponding to at least one biometric datum having a similarity ratewith the second biometric datum higher than a predetermined threshold.4. The method according to claim 3, wherein if more than one identitydocument number has been selected, the step to access the content of thechip of the identity document comprises the implementation of an attemptto open the chip with each selected number until opening of the chip. 5.The method according to claim 3, wherein the first step also comprisesthe recording in the remote memory, of at least one additional datumlinked with the number of the identity document and the first biometricdatum, and the retrieval step of the number of the identity documentcomprises the preselection, in the memory, of biometric data anddocument numbers associated with said additional datum.
 6. The methodaccording to claim 5, wherein at the second step, the additional datumis acquired by the second control device, or is known to the secondcontrol device by being associated therewith.
 7. The method according toclaim 1, wherein the biometric feature on which the first and secondbiometric data are acquired is selected from the group comprising: oneor more fingerprints, one or more iris scans, the person's face, thevenous network of one or more fingers or of one or both hands, or therespective sizes of phalanges or fingers.
 8. The method according toclaim 1, wherein step comprises the acquisition of a plurality ofbiometric data on different biometric features of the person, and therecording of the document number linked with each of the biometrics. 9.The method according to claim 1, wherein the identity document is apassport, and: at the first step, the passport is presented open on thepage of the machine-readable zone to the first control device toimplement the acquisition step of the passport number, and at the secondstep, the passport is presented closed to the second control device toimplement the step to access the content of the chip.
 10. The methodaccording to claim 9, wherein at the second step, the passport ispresented in any orientation relative to the second control device. 11.The method according to claim 1, wherein the first control device isphysically remote from the second, and is a personal device owned by theperson from among a mobile telephone, tablet computer and personalcomputer or a kiosk installed within one same infrastructure as thesecond control device.
 12. A computer readable medium comprising codeinstructions to implement the first step of the method according toclaim 1, comprising steps of: acquiring and processing an image of aperson's biometric feature to obtain a biometric datum, reading amachine-readable zone of an identity document to acquire a documentnumber, and recording, in a remote memory, the number linked with thebiometric datum, when executed by a processor.
 13. A computer readablemedium comprising code instructions to implement the second step of themethod according to claim 1, comprising steps of: acquiring andprocessing an image of a person's biometric feature, to obtain abiometric datum, from said biometric datum, retrieving, in a memory, anidentity document number corresponding to the biometric feature fromwhich the biometric datum was acquired, and from the number of theperson's identity document accessing the content of the electronic chipof the identity document and retrieving an authentication biometricdatum contained in said chip, when executed by a processor.
 14. A systemfor controls on persons, comprising: a memory, a first control devicecomprising a module to read a machine-readable zone of an identitydocument, a module to acquire a biometric datum, and a communicationinterface with the memory, and a second control device comprising amodule to acquire a biometric datum, a reader adapted to access thecontent of a chip of an identity document, and a communication interfacewith the memory, wherein it is adapted to implement the method accordingto claim
 1. 15. The system for controls on persons according to claim14, wherein the first control device is a personal electronic deviceowned by the person, from among a personal computer, mobile telephoneand tablet computer.